Tax time is fast approaching, which tends to correspond with a significant uptick in tax-related online scams. These types of scams have never been uncommon, but have certainly increased in numbers as more and more of us look to complete our tax forms online.
For many of us, completing our tax returns is confusing and stressful — no matter how much the ATO attempts to simplify the process. Hackers see this stress as a prime opportunity to attack, taking advantage of the complicated nature of tax to convince us that we have done something wrong or our personal information is a threat. Fortunately, should you be targeted by a scammer, there are a few key ways to tell that something is amiss. One of these is any mention of the term ‘gift card’.
Gift cards are a common and convenient way to give someone a gift. Incidentally, they are also one of the most common ways that scammers attempt to steal your money. This is because gift cards are like cash — if you buy a gift card and pass it onto someone (say, for example, an online criminal impersonating the ATO), you can’t get your money back.
Several different types of scammers have been known to ask for gift card payments. Someone might call you pretending to be from the ATO, reporting that you have unpaid, overdue taxes. Another scammer might call to say they are a cybersecurity company and viruses have been detected on your computer. In both cases, the only way that you can make payment is — you guessed it, via a gift card.
Once the online criminals have these cards, they typically sell them for a cash profit.
Scam warning signs
At the heart of most online scams are fraudulent emails and web pages that result in your personal information being stolen — for example, your name, date of birth, and contact details. This type of scam is known as ‘phishing’ and online criminals can use this information to build trust with their victim.
If someone from the ATO calls you and already has your personal information, you are far more likely to believe that they are a legitimate representative.
Although it is becoming increasingly difficult to recognize if someone is scamming you online, there are certain red flags to be aware of:
- The email appears to come from a business or organization that uses a free email service, such as Gmail, Yahoo, or Outlook, rather than a business email. For example, the ATO would never use an address like “firstname.lastname@example.org”. Always make sure to double-check if you know who has sent an email before opening it and if you open it, do not click on any links in the email or download any attached documents.
- The body or subject line of the email uses strong or aggressive language to communicate the urgency of an action you must take — “If you do not make payment to the ATO immediately, you may be prosecuted for criminal behavior”.
- The person who has sent the email asks for your personal or financial information. If you receive this type of message, call the organization to check with them what information they need and why they need it. If they haven’t, forward the email to the company for their reference and then immediately delete it.
- The sender asks you to give them money via money order or gift card. Think about it — if you did owe tax money, why would the ATO accept this money via an iTunes gift card?
- Scammers have also been known to contact their victims with the “good” news that they have won “a prize”. However, to claim the prize, they need to provide a gift card in return. Again, this type of scam doesn’t make logical sense but many victims are so happy to hear that they have come into unexpected cash that they will do anything that the scammer requests.
What to do if you’ve been scammed
Regardless of the type of scam that you have fallen victim to, there are a few key steps that you should take to protect yourself and your family from incurring more damage.
- Contact people you know: This is particularly important if you have been scammed via a work computer or phone. The cybercriminal could now have access to your business’ databases and customer information.
- Contact your financial institution: Regardless of whether you think the scammer has direct access to your financial accounts, you should contact your bank to let them know that you’ve been victim to a scam. They will have security steps they can put in place to protect your assets.
- Report the scam to the authorities: If you have been contacted by a scammer pretending to be from the ATO (or any type of official organization), be sure to report the scam to the authorities. Doing so helps them build a bigger picture of how online criminals operate.
- Change your online passwords: It’s always recommended that you use a separate password for each of your online accounts. In reality, few of us do this, which means that once an online criminal has access to one of your accounts, they potentially can access all of them. If you’ve fallen victim to a scam, be sure to change each of your passwords and consider using an encrypted password manager if you struggle to remember all of your online logins.
- Sign up to dark web monitoring: Once an online criminal has access to your information, they may choose to sell it on the dark web. It is very difficult (practically impossible) to have information removed from the dark web. However, dark web monitoring is a form of security software that can at least alert you to the fact that your information is in the hands of cybercriminals so that you can take appropriate action to mitigate the damage.
In short, the term “gift card” should prompt instant alarm bells. Any time you feel uneasy about an email or phone call that you receive, call the organization using their official contact information. Understand that the ATO will never demand that you pay taxes via gift cards and report any online scams you come across to the authorities. By following all of these simple steps, we can stop scammers in their tracks.